Skip to main content

Cveclient Cveinterface Js

1 CVEs product

Monthly

CVE-2026-35466 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in CERT/CC cveClient cveInterface.js prior to version 1.0.24 allows injection of arbitrary HTML through untrusted CVE API service input. The vulnerability stems from insufficient input validation, enabling attackers to inject malicious scripts that execute in the context of users viewing CVE data. No CVSS score or exploitation data is available, limiting quantitative risk assessment; however, the attack vector is network-based and requires no authentication.

XSS Cveclient Cveinterface Js
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in CERT/CC cveClient cveInterface.js prior to version 1.0.24 allows injection of arbitrary HTML through untrusted CVE API service input. The vulnerability stems from insufficient input validation, enabling attackers to inject malicious scripts that execute in the context of users viewing CVE data. No CVSS score or exploitation data is available, limiting quantitative risk assessment; however, the attack vector is network-based and requires no authentication.

XSS Cveclient Cveinterface Js
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy